WS2008R2, W-firewall suddenly block DHCP requests (port 67)

  • Question

  • Hi,

    My Windows Firewall on a server running WS2008R2 has suddenly started blocking DHCP requests. The server is used as a DHCP server. When I turn off the firewall, everything works. Everything worked for a few years. The drops are recorded in the firewall log:

    2014-01-29 08:51:32 DROP UDP 0.0.0.0 255.255.255.255 68 67 390 - - - - - - - RECEIVE

    Where could the problem be? Some update or some policy? Thank you for your response.

    kayncz

    Wednesday, January 29, 2014 8:35 AM

Answers

  • Hi,

    Run ipconfig /renew, check if the request is blocked again.

    Double-check the firewall rules and make sure ports 67 and 68 are open.

    Since it worked immediately when you disabled the firewall, I believe there must be something wrong with the firewall rules.

    Hope this helps.

    • Marked as answer by Daniel JiSun Tuesday, February 4, 2014 9:05 AM
    Friday, January 31, 2014 9:41 AM

All replies

  • Hi,

    Have you made any changes on the server, to firewall rules or group policy, or installed any roles?

    What does your network topology look like? Are they in the same subnet?

    Lastly, servers are usually configured with a static IP, so I'm a bit confused by the situation. Can you elaborate on it?

    Thursday, January 30, 2014 1:57 AM
  • No change. Someone called me from work in the morning to say that the Internet was not working, but some computers were working (these computers are online 24/7). So computers which are off overnight didn't get an IP address from the server. After a while I found out that the firewall blocks DHCP requests. I checked the logs but found nothing weird.

    It's a small network. Everything is in the same subnet. The Windows server is DHCP, DNS, AD, MSSQL and some software, but it's not a gateway to the Internet. About a month ago I added a Mikrotik to the network as the gateway to the Internet (for security) instead of the Windows server. The Windows server was previously the gateway to the Internet with NAT.

    So if I'm not mistaken, when a computer wants a new IP address, it uses broadcast. When it wants to renew an address, it uses unicast directly to the known DHCP server. The problem would be in dropping the broadcast packet with DHCPREQUEST.

    Thanks for reply. I can add more info if needed.

    Thursday, January 30, 2014 8:30 AM
  • Hi,

    I found the problem. I forgot I had tried to run https://github.com/EvanAnderson/ts_block to block IP addresses trying to log on to the server, and this script was still running. Unfortunately, this script added a rule to block 0.0.0.0, and then the server started to block DHCP requests.

    Thanks for help.

    Tuesday, February 4, 2014 9:41 AM
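
An added example, not part of the thread or of ts_block: a Python scan of Windows Firewall log lines in the format quoted in the question. It flags dropped client-to-server DHCP packets (UDP 68 to 67) and separates broadcasts sourced from 0.0.0.0, the address the block rule in the last post matched, from unicast renewals. The column order is assumed from the log's `#Fields:` header; all sample lines except the first record are constructed.

```python
from collections import Counter

# Column order of pfirewall.log, as listed in its "#Fields:" header line.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

def parse_line(line):
    """Return a dict for one log record, or None for header/blank/short lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def dropped_dhcp(lines):
    """Yield (kind, record) for dropped inbound client->server DHCP packets."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["action"], rec["protocol"], rec["path"]) != ("DROP", "UDP", "RECEIVE"):
            continue
        if (rec["src_port"], rec["dst_port"]) != ("68", "67"):
            continue
        # A client without a lease sends from 0.0.0.0 to the broadcast address;
        # a renewing client unicasts from the address it already holds.
        kind = "broadcast" if rec["src_ip"] == "0.0.0.0" else "unicast"
        yield kind, rec

def summarize(lines):
    """Count dropped DHCP requests by kind ('broadcast' or 'unicast')."""
    return Counter(kind for kind, _ in dropped_dhcp(lines))

# First record is the line quoted in the question; the others are constructed.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-01-29 08:51:32 DROP UDP 0.0.0.0 255.255.255.255 68 67 390 - - - - - - - RECEIVE
2014-01-29 08:51:36 DROP UDP 0.0.0.0 255.255.255.255 68 67 390 - - - - - - - RECEIVE
2014-01-29 08:52:01 ALLOW UDP 192.168.1.20 192.168.1.2 68 67 0 - - - - - - - RECEIVE
2014-01-29 08:52:10 DROP TCP 203.0.113.7 192.168.1.2 51515 3389 52 S 0 0 8192 - - - RECEIVE
"""

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG.splitlines())))
```

A result with only `broadcast` drops while unicast renewals are allowed matches the symptom in the thread: machines that stayed online kept their leases, while machines booting fresh got no address.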